I have a document structure where I would like to grant read-only permission to specific group on a sub folder within a document library.
I am using SharePoint 2007
For example:
Folder : Business <--- Document Library under business I have two sub folder.
---> 2009 --> Sub Folder --> store all docs
-----> 2010 --> Sub Folder --> store all docs
Now, I have two groups: Group A, Group B. I would like to grant read-only permission for the 2009 folder to Group A and grant read-only permission for the 2010 folder to Group B. I want to make sure Group A people cannot access the documents under the 2010 folder and vice versa.
I have tried to setup a target audience on Business folder. But I am unable to find a way to setup permissions on the sub folder level. Please let me know how can I achieve this.
This is just configuration:
In the document library, hover the mouse over the folder to see the drop down menu.
Activate the drop down menu by pressing the down arrow
Choose Manage Permissions
Click the Actions menu and choose Edit permissions. Confirm that you want to break inheritance of permissions from the parent.
Edit the permissions as required.
Obviously, you need to be logged in as someone who can change permissions (a site owner or similar) to be able to do this.
If you need a way of progamatically doing this you can modify this script to suite your needs: powershell-to-get-a-list-of-all-folders-in-downloads-pivots
I suggest creating groups for each folder you want to set permissions and then put the people in there. If manual is all you need, then Chris' soulution is perfect :)
Related
Currently i generated excel file from TFS 2013.
I want to disable editing this file for some specific users.
I tried to add these users in the group Reader only, but they can modify the excel file then publish it.
On the other side, i want to give them the ability to refresh the excel file and get the latest status.
By "publish" I assume you mean the Check In permission. Readers don't have an explicit Deny on Check In by default, so you may find that people who can still Check In are members of another group with permissions. The usual group being the Contributors group.
To force the matter you can go to the file in question in Source Control Explorer, right click it and select Advanced -> Security and then explicitly set the Reader group to Deny for the Check In right.
I assume that you mean "publishing work items". If you do then people in the readers group will not be able to publish unless they also have contributed rights. So while they can click "publish" they will not be able to make changes on TFS, and they will be able to refresh.
I have used a tool to move over 20 folders into a document library. The tool also moved over the read only rights for the folders.
Now I have 3 users I need to add so that they have contribute access to all of the folders on that library. But when I go to people and groups all I see is stuff for the home page. I only want to give rights to this document library. Do I break inheritance and give individual permissions to everyone listed in the contribute and read only groups?
I am unsure of how to give contribute rights ONLY to 3 people for 1 document library?
You will have to break inheritance for the Document Library and configure the permissions for that Document Library the way you want. These permissions will flow down to all of the folders in the Document Library, unless you break inheritance at the folder level.
You may want to consider creating a SharePoint Group, to which you can add the 3 people, and grant the group Contribute rights to the Document Library. That way if you need to change who can access the Document Library, you can just edit the Group membership. I believe that this is best practice.
Let me be a little more specific.
I'm working on a web app that provides management of documents and we need to apply security settings to the folders and documents. The folder structure exists entirely in the app (so there is no folder structure on a disk anywhere).
Now, assume that I have a folder structure like this ...
root
-- DirA
---- DirA1
-- DirB
----DirB1
If this were windows, and a user had rights to change the security settings on all folders in the structure except DirA and opted to make a change to root and all its children, what folders would be effected?
My gut feeling is root, DirB and DirB1 but I'm not sure.
The point is, I want to duplicate the functionality - in terms how /how/ settings are applied - to my app. So, I'm just looking for a simple explanation.
--
Simple of Grantham
When you to set security rights for a user/group in Windows, you also specify whether those rights are inherited to all subfolders. So, if you give the user the right to modify rights in root, you would have to make those rights non-inheritable or they could modify DirA as well. However, Windows doesn't grant rights to modify security settings for a folder unless the user has "Full Control" over that folder. I believe this means that if the user has full control to root, he could delete DirA and add a new DirA, with whatever rights he chooses. To get a better feel for how directory rights work, right-click on various folder icons in Windows XP, choose Properties, then select the Security tab. Study this pane, and then click on the Advanced button to see how rights are inherited. By clicking on the various buttons you will see that by selecting certain rights, such as Full Control or Modify, all other rights are automatically included.
Is there a way to limit the "edit item" permission in WSS 3.0 to only allow a user to edit his own documents or list items? We need the ability for a user to edit only documents/list items he creates - NOT items that someone else created. So, essentially we need a sub-set of the EDIT permission as well as ADD.
Is this possible in Windows Sharepoint Services 3.0? Is there a way to create custom permissions in code or a feature?
WSS has a basic UI for setting item-level permission on list items, but they hide that from the UI for document libraries. If you go into Settings->List Settings->Avanced settings for a list, you'll see the options to do pretty much what you're asking for. However, on document libraries, that UI is not available. The settings it drives, though are avaiable via the object model.
You could set those same properties for a document library like this:
SPDocumentLibrary onlyOwnLib = theWeb.Lists["DocLibName"]
onlyOwnLib.WriteSecurity = 2;
onlyOwnLib.Update();
And that should about do it. However, apparently that doesn't really set permissions; it just controls what the user can do via the UI. If they had another interface to the library (like via WebDAV) or list (like via the web services), it wouldn't prevent them from editing items they didn't create. If you want true item-level permissions, I think you need to go the event handler route.
This post from Matt Morse explains it in more detail, and he even wrote a command line tool to set the property (plus the .ReadSecurity property) for lists and libraries.
If you added an event handler to the document list you should be able to limit edit rights on that item to the user that created the item.
I often have to copy documents from another system into a list in SharePoint, and in that case the edit rights will be assigned to the system user that transfered the document, unless you use the approach suggested by Kirk Liemohn here
Note that item level permissions on large numbers of documents increase the load on your SQL server quite a lot.
here is the solution for your request.
go to the list -> list settings -> Advanced Settings
you will see the section of
Read access: Specify which items users can read
All items
Only their own
Edit access: Specify which items users can edit
All items
Only their own
None
select the options based on requirement. that's it done..
wanna more click on http:// mastermoss.wordpress.com
This is an old question, however the problem still exists.
A way that has worked well for me in the past is to use a workflow to configure the permissions when the library item is added.
See http://www.sharepointusecases.com/index.php/2010/03/configure-item-level-permissions-for-document-libraries-part-2/ for details.
I believe that permissions like that can be created through the user interface. It depends on the scale and number of list items you have, but you could do one of two things. First (without having to create scripts) you could give everyone a custom "Read" permission access which would not allow them to do everything you can in in the Read permission but allow them to Add Items. Then on an item-by-item basis, click the item -> manage permissions -> (Give the specific user Contribute permissions on their document).
If you're creating a SharePoint list that this will not be practical, you can create a script to traverse through all items, and will verify the user has contribute permissions (otherwise it will set the contribute permission to that user).
Additionally, you could just give each person their own folder.
Give everyone read permissions on the SharePoint list/document library, but give each person full control privileges over their own folder. This will allow everyone to read everything in a list, but create/edit their own documents.
If you want the 'Only their own' permission on a document library, it isn't there out of the box. But I've created a solution at CodePlex that adds this for Document Libraries - check it out at http://moresharepoint.codeplex.com.
We have a SharePoint Team Site (WSS 3.0 not MOSS), that includes Tasks list to records every tasks related to a project. Here's the scenario.
Users :
List item
Supervisor1
TeamMember1
TeamMember2
TeamMember3
How do we set the permission settings so that
Every users (Supervisor and team members) can see any tasks.
Supervisors can edit any tasks
Team members can only edit their own tasks (tasks that were assigned to them, or created by them)
I was unable to achieve the intended results using standard WSS permission settings, without resorting to manual permission settings on each item in the list. I'm imagining that the automatic solution has to be accomplish using some sort of workflow or trigger.
you do not need any workflow or event handlers ( still you can use them for your purpos but they will slow down the performance if you will be having a lot of items)
go to setting --> list settings
click on Advanced Settings
in Item-level Permissions in read access select all items
and in the same place in Edit access select only their own
and in permissions give list members a contributer role
for the suppervisor you can give him higher permission i think designer will work, or simply you can give him full controle on the list
You can set permissions by going to your List, click Settings dropdown. Under Permissions and Management, click "Permissions for this List". Click Actions and select Edit Permissions. Select the User/Group you want the permission to be changed then Click Actions & select Edit User Permissions.
HTH!
Create a class that inherits from SPItemEventReceiver and override the ItemAdded method, setting your custom permissions in the overriedden method using the API.
http://blogs.msdn.com/brianwilson/archive/2007/03/05/part-1-event-handlers-everything-you-need-to-know-about-microsoft-office-sharepoint-portal-server-moss-event-handlers.aspx
Yes, you would have to write an event handler or workflow that will run upon item creation which would look at these column values and set the item level permissions as such.
I recommend you to check this solution: SharePoint Column/View Permission by SharePointBoost (199$)
Through this you can set read only permission to people you want on all the items, Your requirement "Every users (Supervisor and team members) can see any tasks" is solved!
Also you can set edit permission to Supervisors. Second trouble solved!
As Ali said, advanced permission>items level permission can fulfill your last requirement.
It seems that you need a workflow to automatically assign permissions based on the user roles or [Assign To] fields.
Try the third-part tool Permission Workflow, this may help you to solve the issues.